package com.zx.mes.hyl.authorize;

import com.zx.mes.hyl.security.core.authorize.AuthorizeConfigProvider;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;

/**
 * security 授权配置
 * @author huayunlong
 * @date 2018-7-10
 */
@Configuration
public class RbacAuthorizeConfigProvider implements AuthorizeConfigProvider{

    @Override
    public boolean config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry expressionInterceptUrlRegistry) {

        expressionInterceptUrlRegistry
                .anyRequest()
                .access("@rbacService.hasPermission(request, authentication)");
        return true;
    }
}
